Hi,
I've written a few integrations with lichess that run serverless (they run in users browser). Recently they have stopped working and I think it is because the lichess server is not providing the 'AllowsOrigin' headers in the OPTIONS call. Is this a conscious change?
e.g. Chrome will first send this to GET /account/me (captured from dev tools curl as bash):
curl 'lichess.org/account/me' -X OPTIONS -H 'Pragma: no-cache' -H 'Access-Control-Request-Method: GET' -H 'Origin: preview.c9users.io' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: authorization' --compressed
To which lichess responds 404 - Resource not found
The GET works fine with the Bearer token. But Chrome refuses to do the GET because the OPTIONS preflight step fails.
@tailuge
I've written a few integrations with lichess that run serverless (they run in users browser). Recently they have stopped working and I think it is because the lichess server is not providing the 'AllowsOrigin' headers in the OPTIONS call. Is this a conscious change?
e.g. Chrome will first send this to GET /account/me (captured from dev tools curl as bash):
curl 'lichess.org/account/me' -X OPTIONS -H 'Pragma: no-cache' -H 'Access-Control-Request-Method: GET' -H 'Origin: preview.c9users.io' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: authorization' --compressed
To which lichess responds 404 - Resource not found
The GET works fine with the Bearer token. But Chrome refuses to do the GET because the OPTIONS preflight step fails.
@tailuge